Template injection (Improper Neutralization of Special Elements Used in a Template Engine) vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to obtain an arbitrary file on the server via unspecified vectors.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: jpcert
Published: 2022-02-24T09:50:28
Updated: 2024-08-03T03:51:45.982Z
Reserved: 2022-02-16T00:00:00
Link: CVE-2022-23810
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-02-24T15:15:28.810
Modified: 2024-11-21T06:49:17.847
Link: CVE-2022-23810
Redhat
No data.